Remove authentication in ASP.net MVC single page application

Question

I am trying to play about with the asp.net MVC SPA template in visual studio 2013, I don't need any of the authentication bits, I just need to load directly onto one of the controllers pages.

How do I get rid of all the authentication stuff from the initial template?

Answer 1

Remove the [Authorize] annotation from HomeController and remove this:

@section Scripts{
   @Scripts.Render("~/bundles/knockout")
   @Scripts.Render("~/bundles/app")
}

from Views\Home\Index.cshtml because one of does js is causing the redirect to the login page even after removing the [Authorize] annotation from HomeController and probably you don't need it. If you need these scripts in your page, then you need to edit one of them.

Answer 2

Here's what I did.

Remove [Authorize] attribute from the home controller.

Then in app.viewmodel.js you'll see this:

self[options.bindingMemberName] = ko.computed(function () {
    if (!dataModel.getAccessToken()) {
        // The following code looks for a fragment in the URL to get the access token which will be
        // used to call the protected Web API resource
        var fragment = common.getFragment();

        if (fragment.access_token) {
            // returning with access token, restore old hash, or at least hide token
            window.location.hash = fragment.state || '';
            dataModel.setAccessToken(fragment.access_token);
        } else {
            // no token - so bounce to Authorize endpoint in AccountController to sign in or register
            window.location = "/Account/Authorize?client_id=web&response_type=token&state=" + encodeURIComponent(window.location.hash);
        }
    }

    return self.Views[options.name];
});

This is the section that will redirect you to the login screen, so comment out or remove the if block. If you want you can also go into app.datamodel.js and remove or comment out self.getAccessToken.

In addition, in WebApiConfig.cs you will probably want to remove / comment out the following lines:

// Web API configuration and services
// Configure Web API to use only bearer token authentication.
config.SuppressDefaultHostAuthentication();
config.Filters.Add(new HostAuthenticationFilter(OAuthDefaults.AuthenticationType));

Answer 3

Here is how I solved it. I just removed the

Removed the [Authorize] annotation from HomeController.cs (got this from Castro Roy's answer). Even after this the app redirected to the login page.

To resolve the redirection remove the [Authorize] annotation from the AccountController.cs

However I have retained the authentication related code so that can be used in other pages.

Answer 4

Put [AllowAnonymous] at the beginning of the function you want to allow anonymous access to.